PT-2026-42132 · Nlnet+4 · Unbound+4
Qifan Zhang
·
Published
2026-05-20
·
Updated
2026-06-30
·
CVE-2026-42959
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
NLnet Labs Unbound versions prior to 1.25.1
Description
A denial of service issue exists in the DNSSEC validator. When constructing chase-reply messages for validation, the software uses an incorrect counter to calculate write offsets for ADDITIONAL section rrsets. DNAME duplication can increase the ANSWER section count, while authority filtering can decrease the AUTHORITY section count, creating an uninitialized array slot. The validator subsequently dereferences this uninitialized pointer, leading to a process crash. An attacker controlling a DNSSEC-signed domain can trigger this by configuring a DNAME chain with unsigned CNAMEs and a response containing unsigned AUTHORITY records along with signed ADDITIONAL glue records.
Recommendations
Update to version 1.25.1.
Fix
DoS
Access of Uninitialized Pointer
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Freebsd
Linuxmint
Rocky Linux
Ubuntu
Unbound